Thursday, February 18, 2010

Kneber Botnet Infects 75,000 Computers Globally: Report

Security firm NetWitness reported on Wednesday that a variant of the Zeus Trojan has infected some 75,000 computers globally. The infected machines form a botnet, dubbed the Kneber botnet after a username that links the infected PCs on corporate and government systems.

According to the report, about 2,500 organizations worldwide were affected. NetWitness didn't go into detail on the organizations that had their security breached by the Kneber botnet, but the Wall Street Journal listed a few of them: Merck, Cardinal Health, Paramount Pictures, and Juniper Networks.

NetWitness said that it first discovered the Kneber botnet in January during a deployment of their NetWitness advanced monitoring solutions. They have a white paper here that describes their findings.

The report stated that data analyzed by NetWitness contained over 68,000 stolen login credentials during a 4-week period. The data showed the top two sets of credentials stolen were for Yahoo! and Facebook. However, in addition to stealing specific data, Zeus and thus the Kneber botnet can be used to download and execute programs, search for and steal files, and allow someone to remotely control infected computers.

The top 5 countries affected (in order):
  • Egypt (19 percent)
  • Mexico (15 percent)
  • Saudi Arabia (13 percent)
  • Turkey (12 percent)
  • United States (11 percent)

Alex Cox, the Principal Analyst at NetWitness responsible for uncovering the Kneber botnet, said:

"Many security analysts tend to classify ZeuS solely as a Trojan that steals banking information, but that viewpoint is naive. When we began to detect the correlation among both the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams must rethink their entire perspective on advanced threats such as ZeuS and consider more diverse mission objectives."

NetWitness said the attacks have been going on for about 18 months and appeared to originate in Europe and China. NetWitness has shared its Kneber botnet findings with the targeted companies and government agencies.